On Wednesday 21 April 2004 17:38, Tom Allison wrote:
> Where razor starts to shine is this:
> First, I use razor, but I do not use anything like SpamAssassin. I use
> bogofilter which is a much more advanced form of statistical filtering
> than Bayesian statistics would provide. More importantly, it's
> different from SpamAssassin which gives me a better chance of detecting
> the spam that has been specifically crafted for SpamAssassin to miss.
> If I razor-report it, then all of the SpamAssassin clients are aided.
>
> In addition to this, if a small group of people razor-report the spam,
> then the rest don't have to worry about it. The delivery of spam is
> limited to only those who couldn't detect the spam locally and
> chronologically before razor agent had confirmation on it's spam status.
Not withstanding your "Product A Sucks Product B Rocks" characterization
of my argument, I am not pushing SpamAssassin per se, merely pointing
out that which you (perhaps unwittingly) repeated above.
Namely, that razor NEEDS something else to train it. Be that bogofilters
or SA or whatever...
You will remember that Vipul several times requested that people review each
submission by eyeball before submitting to Razor. When it became obvious
that this was not being done, in favor of automated submissions from SA and
bayes and bogofilters, he suddenly became quiet on this subject. Perhaps he
realized that there was just too much spam out there for human review, and
that the spammers were changing it just enough with each batch to evade
Razor, and therefore he was in an arms race he could not win.
That is, he could not win (or even keep up) unless automated submission
became the norm.
What I maintain, is that it will STILL always be hopelessly behind, and
therefore effective ONLY at detecting yesterday's spam. What you get
tomorrow will be totally different and will not appear in the razor database.
Part of the problem is the trust system:
It takes a significant number of submissions to get something to rank high
enough to be called spam by Razor, due to the lack of control over what is
submitted, by whom.
Razor has to wait for the trust level to rise (get enough low-trust
submissions or a few high trust submissions) so that a mail can be called
spam. (Had Vipul stuck with one of his earlier ideas of useing ONLY
a few submitters with customized spam-trap addresses he might have
avoided this, but probably would have had other problems).
By the time that occurs, the spammer has morphed the spam so that the
process has to begin all over again. You just don't get the same spam
day after day any more.
(Giving razor it's due, this is where it shines. You might get the odd
spam three times in a row, but after that its toast.)
But the nail in the coffin (IMHO) was that in my analysis of my spam
EVERYTHING flagged by razor would have been called spam
by SA even if razor checks were turned off.
The other part is that with broadband connections (not to mention compromized
windows machines acting as zombies) and spam-friendly hosters, the cost of
cuztomizing each mail is dropping rapidly. This spells doom for razor
because it defeats the very core or razors hashing mechanizm.
--
_____________________________________
John Andersen
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id�70&alloc_id638&op=click
_______________________________________________
Razor-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/razor-users
